Saturday, May 2, 2009

Find out what svchost.exe is running

You've probably ran across a point in time where your computer is running really slow. You check the Task Manager and see that svchost.exe is the program causing the problem, but you probably don't know what it is. Well, it is a generic process that could potentially be running many different things, and most of the time they are important for your system to function. However, spyware/adware, viruses, and antivirus software (just to name a few) sometimes can make svchost act up, which can slow your computer to a crawl. It's a good thing that finding out what exactly is happening behind the scenes of an svchost.exe process that is running rampant isn't very difficult.

1. While in Task Manager and on the Process tab, go to View->Select Columns...
2. Check the box for PID (Process Identifier), then click OK
3. You'll now see a PID column. Find the PID for the svchost.exe process that you want to check on
4. Open up a command prompt window (Go to Start->Run, type cmd, then press OK)
5. Within the command prompt, type tasklist /svc, then press Enter
6. You'll see a list of process on the left, along with their corresponding PID's. Find the match to your PID from step #3. On the right you can see the "Services" column, which tells you what that specific instance of svchost.exe is actually running.

You'll probably have multiple instances of svchost.exe running, and that's normal. It's also the reason why you need to pay attention to the PID in order to make sure you examine the correct instance of svchost. If something looks suspect and you believe you may be infected with a virus or some type of spyware or adware, check out my other posts with links to free software that can help you remove those problems. You can also go back into Task Manager and kill a svchost.exe process that is running unnecessary programs, but if it is some type of virus or spyware, it will most likely be prepared for that and just restart itself as quickly as you killed it.

You can use tasklist for many thing. Another would be to check to see what process is using which port(s) on the computer. If you're interested, check out my other post.

1 comment:

pfisher said...

Screen shots would make this perfect! But other than that great post I've been wondering how you can track down an svchost.